Jump to:

We're rendering flag for anonymous users and redirecting to login page when it's clicked using JavaScript. Either some users don't have JavaScript enabled, or some crawlers do not respect nofollow, but we see a lot of "cannot modify header information..." noise in our logs. It seems that it's caused by calling drupal_access_denied() which eventually leads to ob_flush() through drupal_deliver_page(), but when flag_page() returns, drupal_deliver_page() is called again. Documentation suggests not calling drupal_access_denied(), but returning MENU_ACCESS_DENIED, which would fix this. So, I'm proposing a very small change:

Flag 2.x is pretty much already in a 'minimal maintenance' state, which means that patches get committed if people backport them. I'll make 2.x branch releases every few months or when major bugs are fixed.